After years of observing this wonderful industry, I am firmly of the opinion that we are experiencing a gear-shift in technology that is as profound as the printing press in 1436. Take a look at the way people - young people especially – communicate today.
My 14 yr old son and his peers have a profound understanding of communications and technology – and how to adapt that to meet their needs. For example, he recently explained to me how to bypass the school firewall. I'd like to say he's a chip off the old block, but all his pals are the same.
My old NHS audit boss used to say: Steve, think like a criminal and work backwards when you develop defences against fraud and other criminal behaviour. That was 1981. 30 years later that principle still holds true when it comes to IT security and governance matters.
It’s not just the youngsters though, the 20-30 something’s at the Chaos Computer Club in Germany are astounding. The Club is the elite black and white (and grey!) hat hacker group for the region. Unsurprisingly, it has spawned uber-hackers such as Karsten Nohl - the guy whose team has progressively subverted the A1 and A5 encryption systems that form the heart of the GSM and 3G cellular networks.
These guys can now eavesdrop in real time on our mobile phone calls and mobile data sessions. It takes them four minutes to decrypt a WPA2 WiFi password using a multi-core multi-GPU equipped PC. You'll see on the screen you can crack a WPA2 WiFi password in four hours – that's not bad value for £30.00.
It’s all out there on the Internet as open source software. Chuck in a few hundred dollars of hardware and away you go cybercriminal!
What we are seeing here is a technology-driven culture of younger people that have not known a time when they did not have the Internet at their disposal. They really do use the Internet to consume information, to interact, and to communicate in ways and means many of us are only just beginning to fathom.
This all feeds into a brave new world of industrial espionage. It may sound way-out there but terrorist subversion, cyber heists and social engineering have all spawned from this gearshift in technology practice. It is still an arms race, but it’s bigger and quicker than ever. Did you know that Al Qaeda has a 30-strong technology group that specifically used IT subversion to promulgate its jihadist messages of hate? Or that online heists of big bank accounts are taking place using Zeus and SpyEye malware.
This is a real stuff. Not Spooks on a Sunday evening. This is the security threat we – as an IT industry – now face in the real world. I write about this stuff. It's riveting – and it's also frightening.
Combating it all comes down to the effective use of technology to counter cyber-criminality, cyber-espionage and cyber-terrorism. By taking a multi-layered strategy of harnessing the power of as many types of security technology as you can muster, you will create a defensive system for your organisation’s digital assets that is greater than the sum of its constituent parts.
There are plenty of resources out there to help you find out more. I refer you to the COBIT security framework from ISACA, the not for profit governance association and materials available from organisations such as the ISF and ISC(2). We’re not alone in the fight. These non-profit making associations are populated with like minded professionals, who like many of you, are working hard to find a way through the minefield of IT security and governance today.
